CVE-2021-27290

Published: 12 March 2021

ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: node-ssri (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (8.0.1)
Ubuntu 21.10 (Impish Indri): Needed
Ubuntu 21.04 (Hirsute Hippo): Needed
Ubuntu 20.04 LTS (Focal Fossa): Needed
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (5.0.0-1)
Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist